In a significant cybersecurity incident, a French hospital has suffered a data breach compromising the medical records of over 750,000 patients. This alarming event highlights the vulnerabilities in protecting sensitive healthcare information.

Details of the Breach

A hacker, self-identified as "nears," claims responsibility for infiltrating multiple healthcare institutions across France, accessing records of more than 1.5 million individuals. The breach was achieved through unauthorized entry into Mediboard, an electronic patient record system widely used in European hospitals. Softway Medical Group, the creators of Mediboard, confirmed the breach resulted from stolen login credentials rather than a system misconfiguration or inherent software flaw. The unauthorized access was detected on November 19, 2024, within a healthcare facility utilizing Mediboard. Softway has clarified that the compromised data was not hosted on their servers.

Exposed Data

According to Bleeping Computer, the compromised records include sensitive personal information such as: - Full names - Dates of birth - Gender - Home addresses - Phone numbers - Email addresses - Physician details - Prescription histories - Health card usage "Nears" has allegedly offered access to the Mediboard system for sale on a dark web forum, promising potential buyers the ability to view and manipulate healthcare and billing data, as well as schedule appointments unlawfully. Although there is currently no evidence of a successful sale, the hacker suggests interacting with three potential clients.

Potential Risks and Precautions

The breach presents a severe risk of patients falling victim to identity theft, phishing attempts, and social engineering attacks. Even if the data is not sold, it may still be leaked online, offering malicious actors a treasure trove of information for fraudulent schemes. Healthcare institutions are urged to reinforce cyber defenses and ensure compliance with data protection regulations. More information on securing patient data and regulatory compliance can be found through resources such as Tripwire.

*Editor’s Note: The views expressed in this article are those of the contributing source author and do not necessarily represent the views of Vault33.*

The link has been copied!